Welcome to the September 2006 Actrix customer newsletter

We have quite a security focus this month with an article on scams and a
couple of security tools featured. I hope there's something here for you.
Or, you could be like most readers and just skip down to the interesting
sites. How could safe surfing possibly compete with cats that look like
Hitler?

Three clever scams

It seems that scams have become an integral part of the Internet. There
are many famous ones that most of us know about, such as the old 419 scam
where you're asked to help some poor victim in Africa move a whole pile of
money out of the country before the evil government there gets its clutches
on it. It's usually the same government that killed his father, or tortured
his wife or something. You provide him with some money (because his is all
inconveniently tied up) and in return you'll get 20% of the 45 million, or
something like that. Of course, you forward him the money, or give him
access to your bank account, and he suddenly disappears. There's a warning
about a variation on this scam in this month's snippets under the General
section.

Then there's the old phishing scam. Something has gone wrong with your
bank account, and you need to log in urgently again to fix it. "Here, quick,
click this link and you'll be taken to the log in page." But you're not taken
to the log in page. Instead you're taken to a copy of the banking site that
is really somewhere else, and your log in details are in fact captured by
these nefarious villains. Or, when you go to the site, a key logger is
downloaded onto your computer that will capture all your key strokes and
send them off to the scammers (but this will generally only happen if you're
silly enough to be surfing with unpatched software and out-of-date virus
protection).

Here are three scams that have been doing the rounds lately.

Scam No 1 - The Old Double Hoax Trick

I received an interesting variation on this one recently. It claims to
come from the Commonwealth bank in Australia. I'm not one of their
customers, so that was the first clue that it was a fake. In an ironic
parody of itself, the e-mail warned me that there was a hoax e-mail
circulating attempting to get Commonwealth Bank customers to participate in
a survey, but that this e-mail was fraudulent. I should go to the site they
linked to and quickly log in to protect my account from all future hoax
e-mails. You can see a copy of this e-mail
here.

Now this is all very vague, and doesn't make a lot of sense, but that
doesn't matter. What they're after is to quickly delude those who don't
really know much about how the Internet works into making a mistake without
thinking. After all, the e-mail is warning me about dangerous hoaxes. It
couldn't be a dangerous hoax itself could it? Oh yes it could, and oh yes it
is.

Most people in New Zealand aren't Commonwealth Bank customers, so they'd
just ignore it and maybe think it was a bit odd that they'd received it. But
if you were a Commonwealth Bank customer, you may not find it so strange,
and that's just what the scammers are hoping. When you click the link in a
phishing scam e-mail, the site may look genuine, but it won't be. Hopefully,
from their perspective, you'll be too flummoxed and fearful to notice any
subtle differences.

This is how a classic phishing scam works, and if you don't know how to
recognise these, you really should. Your bank (or Trade Me, or eBay, or
PayPal or whoever) will never ask for your personal details in an e-mail,
and they will never provide a link to a log in. They may invite you to log
in to see some new announcements or features, but they will advise you to
use your own bookmarked link, or to just browse to their site normally.

Scam No 2 - Laundering the Phish

The second scam offers me a job opportunity that is just too good to
miss, though if I take them up on it, I may find myself not needing to worry
about income for 5-7 years (while I become a guest of Her Majesty's
government). This one offers me a fantastic job as an escrow operator. I can
work from home for just 1-3 hours per day and earn $30,000 per year, plus
bonuses. That sounds like me! All I need is to be over 21 (and I am,
just) honest, responsible and prompt (I can work on these things) and have
one or several bank accounts. The job just involves receiving money into my account(s) from the company's clients and then paying it into the company's
accounts.

It sounds ideal, but it's not hard to see what I'm really being offered
here. I think I'm really being offered the opportunity to launder money for
the people that operate phishing scams. Once they have people's bank log in
details they need somewhere to transfer the money to, and the difficulty
they face is getting the money out of the country. They transfer the money
to me. I transfer my own personal money to them, and then get to keep the
money transferred. I am sure someone with a better knowledge of
international banking could explain this in more details, but the concept is
fairly simple.

I am promised all sorts of career growth if I work hard at this, and they
sound like a really supportive bunch of people. However, when the suits from
Internal Affairs come knocking on my door suggesting that next time I'm
passing the High Court I should probably pop in and explain myself, you can
bet these supportive people will be nowhere to be found, as will be the case
with my own personal funds that I so trustingly transferred. Worse still,
I'll have to give all the money transferred to me back to their victims.

I may escape prison if I can prove I really am stupid and was duped, but
somewhere along the line I'll have known full well that something dodgy was
going on...

Anyway, you can see the e-mail offer I received
here. The bottom line is, reputable
jobs are not offered via unsolicited e-mails (spam) and if they were they'd
be better written. Anything that sounds too good to be true probably is,
especially on the Internet.

Scam No 3 - The Old Domain Name Scam

This one does the rounds every now and then, and has just been in the
news again. It often works through the post rather than via e-mail.
The idea is to send a letter that is really an invitation to register a
domain, but make it resemble an invoice in the hopes that someone will just
unthinkingly pay the amount.

It works like this.

I may own the domain buzzthecat.co.nz. These people look me up in the
domain registry and see that the domain buzzthecat.net.nz is not owned by
anyone. So they send me the invitation, made to look like an invoice. My
secretary or accounts person receives the letter, knows I own something with
buzzthecat in it, doesn't read it very carefully, and thinks it is a bill
for renewing my domain. So he pays the amount. In fact I have now bought a
new domain that I didn't really want, and there are general surprises all
around when the real invoice to renew buzzthecat.co.nz rolls up in a few
months time.

Now if you read the letter carefully (and
there's a copy here) it definitely does say that it is an invitation to
register a domain, but I believe (and
so does the Commerce Commission) that it is a deliberate
misrepresentation all the same. It's made to resemble an invoice and the
company's name (this time its NZ Domain Registration Ltd) is made to sound
like an official body. The prices are ridiculously inflated too. The cost is
$225 for two years registration, and if they're charging that they can
afford to be giving away mp3 players! Actrix will give you the same two-year deal
for $124.90.

You may say I'm a dreamer, but it's still my hope and expectation that
these sorts of scams will decline over time. I am sure that far few people
fall for phishing scams, for example than used to, simply because they're
commonly known about these days. But as long as there is that one in 100,000
that will still fall for it, they'll keep coming. Hopefully, if you've read
this far, that one in 100,000 is not going to be you.

NetCraft anti-phishing toolbar

The NetCraft Anti-Phishing toolbar is designed to protect you from sites that are deliberately set up to steal your passwords
and personal information - for example those you would go to by clicking links in phishing e-mails that appear to have come from your
bank.

It's just under three megabytes to download and is easy to use and install. It appears as an extra toolbar in either
Internet Explorer or Firefox, and you can turn it on and off under the View/Toolbars menu.

The toolbar will pop up a warning if you are about to open a risky site, and you can also use it to report sites to
its creators for future inclusion.

Even if you're net-savvy enough never to fall for a phishing attack, this toolbar has some interesting features for
everyday use. It reports on the location of every site, you visit, who hosts it, and its security risk ranking. Be aware,
though, that any site it doesn’t know about will receive a potential danger warning.

Various site reports are provided by default, and you can find out a lot about the servers any page is on, what
software they're running, how long they've been up, what else they host and much, much more.

Jotti's malware scan

This is an ideal site for those super-conscious of viruses and malware.
You can upload any file on your hard drive to the site and it will then be
examined by fifteen different anti-virus programs. If you've received a
dodgy file, and you want to be fifteen times more sure than most people
about its safety, then this is the tool for you.

Of course the site comes with the usual disclaimers. Even if your file
gets the okay from all fifteen vendors, you just never know for sure.
There's a fifteen megabyte limit on any file you want to scan, too.

Readers' forum

If you'd like to ask a question or request some help on any Actrix
or Internet-related matter. Simply send me an e-mail
with the word "Forum" in the subject line. I'll try and get an answer to you by
return e-mail, and will also post the answer here for the benefit of others who may have a
similar question or problem. By the same token, if you read something here and think you
may have something to suggest, please feel more than free. Please also note that questions
and answers may also turn up under the Helpful Tips section on the Actrix home page (www.actrix.co.nz).

Des writes: Rob, can you please explain why I get the occasional "This message cannot be deleted"
(and refusal to delete) when I'm trying to clear old stuff from my email delete box. This is quite random and can
e.g. pop up in ordinary correspondence from a much-used source. Thanks Des.

Hi Des, This is a bit of a new one for me. I did a search on Google, but there wasn't much out there. In one forum someone
had a similar problem and the group seemed to think that the message might have been corrupted somehow and the ability to move
it to the Deleted Items folder wouldn't work as a result. The problem was solved by pressing the Shift key down whilst the
message was highlighted and pressing the delete key. This means permanent delete in Outlook/Express. Give that a go. Hopefully
it will help.

--

Libby writes, Hi, I've managed to download a program onto my desktop but I cant get to open it. It installs the installation
shield and then when I try to open it again, it seems to just install itself again and this just
goes round and round like this every time I try to open it.

Hi Libby, It sounds like once you've installed the program, you're actually re-opening the
install program again rather than the actual program that has been installed.

Try installing it again and while you're doing so, check you can add a tick somewhere next to a box that says
something like "Install an icon on the desktop". This new icon would appear on your desktop after installation and would
be what you'd click to actually open the installed program.

If you don't have that "place the tick" option during install, then after installation,
have a look in your programs list by clicking on Start/Programs, to see
if you can find the newly installed program that way. You're looking for a little icon that has
the name of the program next to it.

Once you find it in your programs list, right-click on it, and then left-click on "Create shortcut." A shortcut icon should then appear
in your programs list, and you can drag that shortcut out and drop it on your desktop.

I hope that helps.

--

Hey Rob, After your May Newsletter with the site that showed how microwaved water damages plants, I wrote this in to Snopes,
and sure 'nuff, it's false.

Hassle Mewww.hassleme.co.uk/
- Sometimes you just have to be nagged before you'll get things done. With this site you can pre-empt other people
nagging you, by nagging yourself. Enter your e-mail address, a nag message to yourself, and the frequency,
and this site will send you a nagging reminder as often as you've specified. It's free, and the privacy statement promises
your e-mail address won't be shared.

Romance Novel Cover Generatorwww.glassgiant.com/romance/
- Easy to use. Just browse to a picture on your hard drive, enter a few textual details,
and a trashy romance novel book cover is generated just for you. Perfect for Valentine's Day, anniversary or wedding gift. If you've ever dreamed of being on the cover of a Harlequin Romance Novel, this is as close as you're likely to get.
Love in the treetops; the height of romance. One kiss, my darling, before I have to leaf.

Everyday Mysterieswww.loc.gov/rr/scitech/mysteries/archive.html
- Here's a fun page full of science questions and answers that both kids and adults could enjoy.
have a look around and find a topic that interests you. Later on that night you can impress everyone with your knowledge of
theories about why the sea is blue, or why fingers and toes wrinkle in the bathtub.

Could you pass U.S.
Third Grade?www.pibmug.com/files/map_test.swf
- How many American states can you identify? You have a few minutes to drag the names of the states and drop
them in the right places on the map before you're inevitably told that you have just failed Third Grade. It's a bit depressing until
you remember that most Americans would also fail.

Cats that look like Hitlerwww.catsthatlooklikehitler.com/
- "Does your cat look like Adolf Hitler? Do you wake up in a cold sweat every night wondering if he's going to up and
invade Poland? Does he keep putting his right paw in the air while making a noise that sounds suspiciously like "Sieg Miaow"?
If so, this is the website for you."

Where do people click, and why?http://blog.outer-court.com/click/
- At this click survey site you're presented with a series of images and you're invited to click on them anywhere.
You're then shown how you compare to others who've clicked the same images. This answer the "where they click" question,
but doesn't say a whole lot about the "why click there" question... though sometimes it's not hard to tell.

Children's letters to Godhttp://uk.download.yahoo.com/pr/fu/oa/childrenandgod.jpg
- "Thank you for the baby brother, but what I prayed for was a puppy." Some of these are really funny, and some display
the sort of insight only a child could have. I wouldn't mind an answer to some of the questions myself. I mean, was the giraffe
really supposed to look like that?

Secret messages for kids onlywww.thunk.com/index.cgi
- It's like PGP for kids, but I know some adults are going to give this a try as well. You enter your messages into the
Thunk console and click the Scramble button. Whatever you've written gets rendered as gobbledegook. You copy and paste
that into an e-mail and your recipient uses the Thunk console to unscramble it.

Web Puzzlerhttp://imagiware.com/puzzle/
- In an age when everything on the web is starting to go whizz, bang and
pop, sometimes it's nice to just have something simple to play with. Try
to solve the puzzle by rearranging the pieces. Switch any two pieces by
selecting the corresponding buttons next to the image. Click on the puzzle itself to see the completed image. The Web Puzzler also now keeps track of how many moves it takes you to solve the puzzle.

Silly punshttp://www.sillypuns.com/
- This is one almost endlessly long page full of puns. Most are real groaners - the sorts of jokes you'll tell and
everyone will moan about how bad they are (and then go off and tell everyone the same jokes themselves). It's a great
source for parents who need to keep up their reputations for awful jokes with their kids.
"I fired my masseuse today. She rubbed me the wrong way...."

New Zealand

Prison blogger hasn't done anything wrong: A prisoner who is sending a website graphic accounts
of life behind bars is not breaking the law, Corrections Department chief executive Barry Matthews said yesterday.
Click here for more.

Internet artery to get surgery: The $US1.3 billion subsea cable that carries internet traffic and phone calls
to and from New Zealand, Australia and the US is set to undergo major surgery that may see its capacity more than quadrupled
at a cost of hundreds of millions of dollars.
Click here for more.

Thousands of TradeMe users caught in scam: The TradeMe internet auction site has had to shut thousands of its customers'
accounts after cyber criminals gained access to their details through a phantom website.
Click here for more.

Websites rate service and skills: Two online businesses have sprung up with different approaches to solving one of the
vexed questions of the 21st century: how to find a reliable tradesman.
Click here for more.

NZ climbs to eighth in internet rankings: More than two-thirds of New Zealanders now have internet access at home,
placing this country eighth out of 30 developed countries.
Click here for more.

Internet dating blamed for rise in attacks: The majority of people using the internet to meet potential partners
were doing it safely, Dr MacDonald said. "But the minority are the ones I see and it's a concern for me."
Click here for more.

Trade Me mapping site follows jobs launch: Trade Me has followed up on its assault on the online jobs market by
launching a website that lets visitors browse an electronic map of New Zealand.
Click here for more.

Broadband uptake improving - slowly: New Zealand broadband uptake is improving but too slowly to improve its
relative international standing of 22nd among OECD countries.
Click here for more.

Spy software is coming your way: Software capable of powerful and intrusive searches of personal computers is to be
used in New Zealand.
Click here for more.

General

The rise of the cyber-children: Computer literacy is increasingly seen as an essential skill for children.
But what is the best age to introduce them to computers and does it give them a head-start?
Click here for more.

Site offers death alerts for baby boomers: Instead of career and school sections, Eons.com has interactive
games to build brain strength, news on entertainment and hobbies for older people, a personalized longevity calculator and
tips to live longer.
Click here for more.

CafePress for wall art?: ImageKind, a site that offers users the ability to upload art
(which can be in the form of digital photography, digital/computer generated artwork and scanned traditional artwork) and
then have it professionally printed/framed/mounted, has launched in beta.
Click here for more.

How the web went world wide: In a few short years the web has become so familiar that it is hard to think of life
without it or remember what life was like before its invention.
Click here for more.

College students warned about Internet postings: Incoming college students are hearing the usual warnings this
summer about the dangers of everything from alcohol to credit card debt. But many are also getting lectured on a new topic -
the risks of Internet postings...
Click here for more.

Internet upgrade for Domesday Book: The iconic 11th Century document, which has been rebound, copied, facsimiled and even
hidden in prisons, has been made available online.
Click here for more.

419ers no longer safe on their home turf: Dutch police have arrested a 30-year-old man in Lagos, Nigeria, thought to be
the mastermind behind a European advance-fee (419) scam.
Click here for more.

Psst! Secret JFK documents for sale: "I am a former KGB agent. I am too old and seriously ill to fight for the truth. I
am dying from a blood disease. I hope you are the person to help me reach my goal. It will bring you fame. Calmness for me,"
the email reads.
Click here for more.

Expanding waistlines lead shoppers online: Fed up with the clothes on offer by bricks and mortar stores? You could do what
thousands of Americans do and head online to find that perfect outfit.
Click here for more.

Police warn people to avoid internet church scam: Police have warned people not to be influenced by the Glory of God, after
another internet scam seeking bank account details.
Click here for more.

Teens go online to buy alcohol: The internet is providing a new avenue for underage drinking. Results of a new survey
confirm that millions of United States teenagers either buy alcohol online or know an underage friend who does.
Click here for more.

Internet addicts halfway house opens in China: Mainland China has opened its first halfway house for internet addicts,
offering shell-shocked teenagers counselling, books - and the use of computers.
Click here for more.

Spammers manipulate stock markets: Spam messages that tout stocks and shares can have real effects on the markets, a
study suggests.
Click here for more.

Online retailers good at customer communication: Online retailers are doing a better job communicating with their
customers, but they still gather and re-use personal information without permission, according to the Third Quarter 2006 Online
Customer Respect Study of Retailers.
Click here for more.

Google heads for the office: Google is making a concerted move beyond search and advertising into the business software
market, starting with a set of web programs for email, scheduling and communications.
Click here for more.

Viruses

Virus program incurs church wrath: "As Christians, we're used to not always getting answers to our prayers
immediately, but this seemed to take the biscuit."
Click here for more.

Researchers warn over web worms: Exploiting a lack of security checks in browsers and Web servers, web worms
and viruses are likely to become a major threat to surfers, security researchers speaking at the Black Hat Briefings warned.
Click here for more.

Mocbot worm fuels zombie surge: The number of compromised zombie PCs has shot up by almost a quarter (23 percent)
over the last week because of the release of a new computer worm variant.
Click here for more.

Security and Safety

Meta tag abusers face 20 years in prison: The US has passed legislation which controls what website
operators are allowed to put in their site meta tags. The law bans the use of words which might lead anyone to obscene content.
Click here for more.

Child online safety card unveiled: A virtual ID card designed to improve children's net safety has been launched in the UK,
US, Canada and Australia.
Click here for more.

Firefox Is Doing So Well It's Now A Malware Target: You've come a long way, baby. Mozilla has arrived in a big way, with
the 200 millionth download of the Firefox browser on Monday, less than two years after Firefox made its debut.
Click here for more.

Children to learn of internet perils: Schoolchildren in the UK are to be taught about the dangers of the internet amid
government and police concern at the growing threat posed by paedophiles targeting chatrooms and social networking sites.
Click here for more.

Google warns on 'unsafe' websites: Google has started warning users if they are about to visit a webpage that could harm
their computer.
Click here for more.

Mainly Microsoft

Microsoft to hackers: Take your best shot: After suffering embarrassing security exploits over the past several years,
Microsoft Corp. is trying a new tactic: inviting some of the world's best-known computer experts to try to poke holes in Vista,
the next generation of its Windows operating system.
Click here for more.

Mac News

Apple Patches OS X Holes: Many of the fixes, available for download at Apple's Security Update Web site, address potential
system crashes and unauthorized access to files.
Click here for more.

Unix, Linux and Open Source

Linux's foray into Windows territory: The open-source Linux operating system has made deep in-roads into the
servers of large companies, but employee desktop's have so far remained Microsoft's stronghold.
Click here for more.

Previewing KDE 4: Recently at a Linux show, John Littler saw a preview of a new version of KDE running on a KDE
developer's laptop. The interface looked cleaner than before, and apparently there was a whole raft of new stuff under the hood.
Click here for more.

The Linux Kernel: Sweet 16 Forever?: Old Linux kernels don't necessarily die off once a new one becomes available.
Click here for more.

A Coverity Eye on Firefox Code: Mozilla has long relied on its community to help it identify bugs within applications.
Now it has another ally in the fight against bugs.
Click here for more.

Why is Linux Successful?: The success of Linux over the past 15 years boils down to a few key factors, according to a panel
of Linux luminaries.
Click here for more.

The Weird, Weird Web

Google Earth reveals swastika water feature: Google Earth aficionados have created a bonfire in the quiet town
of Maasmechelen in Belgium by revealing that the fountain at the city council office looks like a swastika from the air.
Click here for more.

Couple-surfing: a trend is born: As the internet evolves - with its webcams, iPods, Instant Messaging, broadband,
wi-fi and blogs - its image as a relationship-wrecker is changing.
Click here for more.

Geeks declare war on CAPS LOCK: "Maybe it's time to encourage people to remove their caps lock keys and send
them to us. How many would we collect? Would anyone care?"
Click here for more.

To have and to hold online: To have and to hold is one thing - to sanctify your union online and subject friends
and family to the story of your undying love is quite another.
Click here for more.

Each month we dredge through our archives to pull out stories from the Actrix Newsletter of exactly five years ago.
Sometimes these stories will show just how much the net has changed in such a short time,
and sometimes they'll be included just because they're interesting.

Hackers to the honey: A decoy computer network set up to record every attempt to crack it open and subvert
it has revealed just how active and determined malicious hackers have become.
Click here for more.

Privacy on the Internet? No Way!: Over the last couple of millennia there have been many debates regarding
the rights of an individual citizen versus the "needs" of the State. Today, of course, in the western reaches of
civilisation there is no need for anyone to be seriously worried about their rights...
Click here for more.

Microsoft Looking Forward to 2003: Microsoft insiders were jumping around with excitement early last month as
the strangely-named 550 days program kicked off. Something wonderful is obviously scheduled to happen 550 days from July
2nd, but what? What major event does the software behemoth have pencilled in for Friday 3rd January 2003?
Click here for more.

Thanks again
for reading the Actrix newsletter. Feedback can be sent to me via the e-mail address
listed below. Please limit this to comments/suggestions regarding the newsletter.
Non-forum requests for support should go to the Actrix Help Desk (support@actrix.co.nz) or to the Accounts Department
(accounts@actrix.co.nz).